Re: lilypond via web interface: security considerations

From:

Alex

Subject:

Re: lilypond via web interface: security considerations

Date:

Mon, 18 May 2009 15:12:16 +0100

User-agent:

Thunderbird 2.0.0.21 (Windows/20090302)

Graham Percival wrote:

#(system 'rm -rf /')
or something like that.
Search the mailist archives on this list and the -devel list for a
discussion. In summary:
1) somebody could wipe out anything that the web interface
software can touch.
3) somebody could read anything that the web interface software
can read.
2) somebody could use up as many resources as you're willing to
give the web interface.
We know how to solve these issues, but nobody has offered to work
on them, so they remain unsolved.

Clearly I'll have to be very careful about what is permitted!

When you say that you know how to solve these issues - can you elaborate
please? Do you mean in terms of the changes required to lilypond to
enable a "locked down" mode, or something else?